I claim:

1. A graphical user interface for representing and facilitating user manipulation of access control settings for a resource comprising:

one or more display regions for graphical representations of access control settings for the resource which result from transformations applied to the structured data which defines the access control settings for the resource; and

one or more display regions for representation of the resource;

wherein the set of display regions for representations of the settings and the display region for representation of the resource appear to the operator as in an integrated graphical user interface.

2. The graphical user interface of claim 1, wherein one or more functions modify the spatial layout of the display regions.

3. The graphical user interface of claim 1, wherein one or more functions modify the number of the display regions.



4. The graphical user interface of claim 1, wherein one or more functions modify the transformations that are applied to the structured data.

5. The graphical user interface of claim 1, wherein a user is graphically represented by a display element comprising, at least in part, a likeness of the user.

6. The graphical user interface of claim 5, wherein the likeness comprises, at least in part, a digital photograph, processed by a method including at least one step selected from the set of: adjusting image color saturation toward a predetermined target saturation level; converting to grayscale; adjusting image brightness toward a predetermined target brightness level; adjusting image contrast toward a predetermined target contrast level; adjusting image sharpness toward a predetermined target sharpness level; and masking with a shape selected from a set comprising ovals and outlines of a bust.

7. The graphical user interface of claim 1, wherein the set of display regions further comprises:

a display region for a graphical representation of a set of groups and users and their respective access privileges as defined by existing structured data for the resource; and

a display region for a graphical representation of the result of transforming the set of groups and users and their respective access privileges into a corresponding set of individual users only and their respective effective access privileges.

8. The graphical user interface of claim 1, further comprising a first display region for a graphical representation of at least one set of known users and groups, wherein the operator can designate indicia for the known users and groups and visually associate the designated indicia with a second display region to change the structured data which defines the access control settings for the resource.

9. The graphical user interface of claim 8, wherein the first display region is reduced in size until activated by the user, and the first display region is increased in size upon activation.

10. A graphical user interface for representing access log information and access control settings for a resource, wherein at least one display region contains a graphical representation of a set comprising one or more individual users, and wherein each of the individual users is graphically represented by a visual element which comprises:

the identity of the individual user having read privilege for the resource; and

a differing visual element for indicating that the user has write privilege for the resource; and one or more of the following visual elements:

the time of the most recent read access by the user to the resource;

the time of the most recent write access by the user to the resource;

indication whether the most recent write access by the user to the resource is the most recent write access by any user to the resource;

indication whether the most recent read access by the user to the resource has been before the most recent write access by any user to the resource;

indication whether the most recent read access by the user to the resource has been since the most recent write access by any user to the resource; and

indication whether the user currently is without read privilege for the resource.

11. The graphical user interface of claim 10, wherein the set of individual users consists of: the set of users who have any access privilege at all for the resource; and the set of users who have accessed the resource in the past although they currently are without any access privilege for the resource.



12. The graphical user interface of claim 10, further comprising a display region for a representation of the resource, wherein the display region for representation of the set of users and the display region for representation of the resource appear to the operator as an integrated graphical user interface.



13. A graphical user interface for representing access privileges for a user for one or more member resources in a collection of resources, wherein at least one display region contains a navigable structured graphical representation of the collection of resources, and wherein each member resource is graphically represented by a visual element which identifies the resource and which, by applying a predetermined set of steps, indicates the user's effective access privileges for the resource by variations in at least one appearance parameter selected from the set comprising: indicative icons; color; transparency; height; width; and font parameters, and wherein in the visual element representing the resource can be designated by the operator, regardless of variations in appearance, and wherein dynamic graphic feedback for a visual element designated by the operator indicates information comprising the identity of the selected resource; and dynamic graphical feedback for a resource approached for being designated by the operator indicates information comprising the identity of the approached resource.

14. The graphical user interface of claim 13, wherein the collection of resources is organized as a hierarchy of resources and the navigable structured graphical representation is a graphical tree.

15. The graphical user interface of claim 13, wherein the collection of resources is a set of resources and the navigable structured graphical representation is a table view.

16. The graphical user interface of claim 13, wherein the variations in appearance comprise a reduction in height for each resource for which the user is without any access privilege and the dynamic graphical feedback comprises using regular height for indicating identity.

17. A graphical user interface for representing a set of a variable number of items in limited display space comprising: a visible region, a virtual plane, and overflow indicators, wherein each of the represented items is graphically represented by a predetermined visual element; each of the visual elements is positioned in the virtual plane; the virtual plane is masked by the visible region, permitting display of only a part of the virtual plane; the overflow indicators are located inside the visible region; the overflow indicators are located near such edges of the visible region beyond which more of the item displays are not visible; the number of overflow indicators is zero in case all of the item displays fit inside the visible region; a plurality of functions are implemented which change the position of the virtual plane relative to the visible region; a context dependent subset of the functions is available for selection by the operator for immediate and subsequent use; the visible region remains constant in size and shape, even when the number and locations of the overflow indicators are changing; and the overflow indicators are graphically represented by using at least one method selected from the group of transparency, color change, saturation change, brightness change and anti-aliasing, whereby there is a smooth transition between the appearance of the user interface when all items fit and the appearance when there is overflow.

18. The graphical user interface of claim 17, wherein the item displays are predominantly of low color saturation; and the overflow indicators are of distinctively higher color saturation, whereby the operator is visually alerted in case there is overflow.

19. The graphical user interface of claim 17, wherein the overflow indicators near an edge of the visible region by variations in their graphical appearance convey information about the number of the item displays which are not visible.

20. The graphical user interface of claim 17, wherein the represented items are entities that have access privileges for a resource.

21. A user interface for representing and manipulating access control settings for a resource, comprising structured data representing access control settings for users related to the resource, and stored executable macros for invoking steps to manipulate the structured data, wherein the structured data also contains data that results from expansion of one or more of the macros.

22. A method for controlling access to one or more elements from a document encoded in a markup language, comprising the steps of:

(a) determining the identity of a user attempting to access the document;

(b) processing the document by recursively

(1) parsing each element of the document, comprising an evaluation of access control function attributes which may be present within an element using attribute values that reference resources to determine access privileges of the determined user for the referenced resources; and

(2) permitting or denying access to the element based on the determined access privileges.
23. The method of claim 22, comprising the additional step of creating copies of the encoded documents and transmitting the copies to the accessing user, wherein the original encoded documents are not modified by the processing step.

24. A method for access control to resources wherein the step of permitting access to a resource comprises evaluation of whether a user has the right to access a resource that references the requested resource, and is currently accessing the referencing resource, and if so, permitting access to the requested resource.

25. A system for access control for resources in a branching hierarchy of resources, comprising structured data that defines access control settings for a resource which may optionally contain references to other resources within the hierarchy of resources; wherein access control settings of the referenced other resources are merged by a predetermined algorithm with the structured data to determine effective access control settings.

26. The system of claim 25, wherein the predetermined algorithm performs unions of sets of entities which make up the access control settings of the referenced other resources and corresponding sets of entities which are defined by the structured data.

27. The system of claim 25, wherein inheritance within the hierarchy of resources defines access control settings for a resource for which there is no directly defining structured data, and a plurality of inheriting resources can share a single instance of defining structured data.
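
An added illustration of the resolution described in claims 25 to 27, not code from the patent or its applicant: effective settings are found by inheriting the nearest ancestor's structured data, then taking unions with the settings of any referenced resources. The record layout (`read`, `write`, `refs`), the sample paths and user names, and the cycle guard are assumptions made for this example.

```python
from pathlib import PurePosixPath

# Constructed sample data (hypothetical): resource path -> structured data.
ACLS = {
    "/": {"read": {"alice"}, "write": {"alice"}, "refs": []},
    "/projects": {"read": {"bob"}, "write": set(), "refs": ["/shared/team"]},
    "/shared/team": {"read": {"carol"}, "write": {"carol"}, "refs": []},
}


def defining_path(path, acls):
    """Claim 27: a resource without its own structured data inherits the
    nearest ancestor's record, so many resources share one instance."""
    p = PurePosixPath(path)
    while str(p) not in acls:
        if p == p.parent:  # reached the top without finding any record
            raise KeyError(f"no access control data for {path}")
        p = p.parent
    return str(p)


def effective(path, acls, _seen=None):
    """Claims 25 and 26: merge referenced resources' settings by set union."""
    seen = set() if _seen is None else _seen
    src = defining_path(path, acls)
    if src in seen:
        # Assumption: a record reached twice (reference cycle or diamond)
        # contributes nothing new, because its sets are already in the union.
        return {"read": set(), "write": set()}
    seen.add(src)
    rec = acls[src]
    out = {"read": set(rec["read"]), "write": set(rec["write"])}
    for ref in rec["refs"]:
        merged = effective(ref, acls, seen)
        for privilege in out:
            out[privilege] |= merged[privilege]
    return out


if __name__ == "__main__":
    for resource in ("/projects/plan.txt", "/projects/a/b", "/other/file"):
        print(resource, defining_path(resource, ACLS), effective(resource, ACLS))
```

Because merging is union-only, a reference can widen access but never narrow it, so a reviewer auditing such a scheme should trace every `refs` entry when judging who can reach a resource.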